
Micro SMBs and a Review of 3 Open Source Mail Gateways

At this year's Linuxworld, there was a showdown between commercial and open-source anti-spam vendors, with Kaspersky and ClamAV winning the top ratings. I find this interesting because one of the expenses of managing messaging is running SPAM and virus filters. Lowering the cost of filtered mail reduces the TCO for the entire messaging infrastructure. If an efficient and inexpensive message filter can be found, then big savings can be reaped, which is especially critical in the SMB market.

There is a plethora of vendors and solutions for enterprise environments. At my company we use Postini in combination with an Ironport gateway, which has proven to be effective. But when the company size starts to lower into the hundreds, tens, or even a SOHO range, well, there just aren't many obvious choices for messaging filters.

The Linuxworld competition is interesting to me because it addresses both cost and efficiency: ClamAV is free, and it is top rated. This means that it can be relied upon as an open-source solution for viral filtering. But what about SPAM? Viruses (and all of their ilk) are always a lurking threat, but SPAM is a daily presence, choking productivity and saturating the messaging bandwidth.

Over the last six months, I've been actively evaluating three open-source messaging-filter gateways for viruses and SPAM. I had tried outsourcing the filtering with some “free” offers by hosted mail gateways, but the results were inadequate for doing business. I think these hosted vendors were presenting more of a marketing opportunity than a business-grade alternative. It seemed like the free, basic option was almost intentionally handicapped to drive sales toward the commercial choices.

That has left me with three open-source choices: Untangle, EVSA, and IPCop with CopFilter.

Each system has its strengths and weaknesses, and even though I did settle on just one, they all did exactly what they said they would do and were equally suitable as a filtering message gateway. All of them use SpamAssassin and ClamAV. Here's a short overview of my hands-on impressions.

Untangle is the most recent and well funded. It's based on the Debian/Knoppix Linux distribution, and has a highly polished GUI. No command line tools or messing with /var files. On the downside, it's more of a resource drain than the others. 500 M of RAM is a minimum and a decent CPU is critical. The Untangle installation is meant to provide a turn-key solution, but it doesn't offer the widest selection of hardware compatibility.

One of my tests was to set up a laptop as a gateway, and there aren't many laptops that come with two or three built-in NICs. My solution for bridged sniffers and three-way routers has been to use USB NICs. D-Link manufactures several of these, which have a good reputation for Linux compatibility. But Untangle is the first Linux distribution which does not recognize them (it also failed to recognize a PCMCIA 10/100BT and a PCMCIA wi-fi NIC). So, if you are interested in using Untangle, you'll want generic P4 hardware with at least 1 G of RAM.

The installation of Untangle was straightforward, and it comes with solid documentation to assist. After the setup, you can add modules, but, oddly, you can only include them on your system if you download them directly from Untangle. It would be a lot simpler if everything was included on the installation ISO, and Untangle was used for updates.

Untangle gets my thumbs up, and I think it's going to be a product to watch very closely. It wasn't flexible enough for my immediate needs, but I'll revisit Untangle for another look in a few more months.

EVSA is an integrated amalgam of several different open-source projects and provides a Webmin interface for all configuration. It's very full featured, has an active user forum and you can find a pre-built release as a VM appliance image for the VM Server.

If Untangle didn't give me as much control as I would have preferred, EVSA is nearly overkill in making configuration adjustments. I was in it for two days before I was pleased with the filtering results. EVSA is based on RedHat Fedora. Overall, I give EVSA my thumbs up and I think it's an effective solution, but plan on some serious setup time before it's humming.

IPCop with CopFilter got two thumbs up from me. It has a custom web interface and is the oldest of the three solutions. It's extraordinarily well supported and can run on lean resources (e.g., it works terrifically on a PIII with 500 M of RAM). I can add just about any NIC or goofy ADSL modem while supporting four networks as a router. The virus configuration was drop-dead easy, and the SPAM filtering took very little effort to become effective.

Its success has its consequences, and for IPCop this means there is a throng of hangers-on. IPCop has a strong following for non-authorized IPCop add-ons. In fact, the CopFilter is, technically, not a supported add-on. There are modules for integrating MAC address authentication or Dansguardian HTTP content filtering, and probably 25 or so possible add-ons and code modifications in all. Some of these are irresistible additions, but there are no guidelines for interoperability problems or misconfigurations. The forums are actively maintained, so I've never had a problem that stopped the IPCop from working, but I have had occasion to spend some serious sit-down time deciphering why one task wasn't working correctly.

Now, you might be wondering why I would be looking over messaging gateways if I don't need one for my job. I'm not about to replace a high-end commercial, enterprise-grade offering like Postini with one of these little systems. My department processes over 150K e-mails a day. Hm. Just how long would it take to train the Bayesian filter for that load?

I'm looking for a better messaging gateway solution for a secret project, which I hope to be able to unveil in a few months.
